
TL;DR
- Anthropic's analysis of 1.2 million Claude Cowork sessions shows AI agents are being used for business operations (33.4%) far more than software development (8.7%) — meaning AI has quietly become an operational backbone, not just a dev tool.
- Anthropic is expanding Claude Cowork to web and mobile, enabling always-on cloud agents with persistent access to enterprise systems from any device.
- 88% of IT and security leaders who deployed AI agents reported confirmed or suspected security incidents in the past year — yet only 14% deployed those agents with full security and IT approval.
- The gap between deployment velocity and governance frameworks is widening fast, creating serious risk for enterprises that aren't building safeguards in from day one.
The Boardroom Didn't See This Coming — But the Data Did
Ask most executives where AI is making its biggest impact inside their organization, and they'll probably say something about code generation, developer productivity, or maybe a chatbot that handles tier-one support tickets. Reasonable guesses. Also, according to fresh data from Anthropic, significantly wrong.
An analysis of 1.2 million anonymized Claude Cowork sessions conducted between May 11 and May 31 tells a different story. Business process and operations claimed the largest share of AI agent usage at 33.4% — more than three times the 8.7% attributed to software development. Content creation came in second at 16.4%, followed by DevOps and infrastructure (7%), research and intelligence (6.4%), and data analysis (5.8%).
In other words, while everyone was debating whether AI would replace programmers, it was already quietly processing documents, reconciling data, and drafting reports in the background — doing the unglamorous, high-volume operational work that keeps businesses running.
This isn't a niche experiment. This is a structural shift.
Always-On, Everywhere: What Claude Cowork's Expansion Actually Means
To capitalize on this momentum, Anthropic is rolling out Claude Cowork to web and mobile platforms (currently in beta). The practical implication: users can now start, monitor, and manage long-running AI agent sessions from any device, while the agent continues executing tasks in the cloud — even when the user steps away from their desk.
Think of it as giving your AI agent a set of office keys and telling it to keep working after hours. The agent can read progress updates, flag exceptions for human review, and resume conversations across devices seamlessly. For enterprise teams managing high-volume operational workflows, that kind of continuity is genuinely compelling.
Bhupendra Chopra, Chief Revenue Officer at IT consulting firm Kanerika, framed the workforce implications clearly:
"As AI agents take on routine knowledge work such as preparing reports, processing documents, and reconciling data, employees would increasingly shift from executing those tasks to supervising AI-generated outputs, reviewing exceptions, and applying business judgment."
Pareekh Jain, principal at Pareekh Consulting, added that the mobile and web expansion would reduce operational delays by keeping business processes moving even when teams are away from their desks — and would also help developers by making AI-assisted engineering more continuous rather than tethered to a desktop IDE.
All of this sounds great. Here's the part that should give every CIO a slight headache.
The Security Gap Is Not a Minor Footnote
When you give a background agent access to email, files, calendars, and enterprise systems — and then tell it to keep working while you're offline — you are expanding your attack surface in ways that traditional IT governance frameworks were never designed to handle.
The numbers from a Gravitee survey of 445 IT and security leaders are striking:
- 88% of leaders who deployed AI agents reported confirmed or suspected security incidents in the past year.
- Only 14% said their agents were deployed with full security and IT approval.
Let that second number sink in for a moment. Roughly 86% of enterprise AI agent deployments are happening outside of full security and IT sign-off. That's not a governance gap — that's a governance chasm.
Chopra put it bluntly:
"The deployment velocity is dramatically outpacing governance. A background agent reading email, files, and calendars while the user is offline requires very precise scoping of what it can access and what it can act on."
Jain echoed the concern, noting that always-on agents "continuously access enterprise systems and data," requiring stronger identity controls, least-privilege permissions, audit trails, approval workflows, policy enforcement, and continuous monitoring.
To be fair, Anthropic has been deliberate about building human-in-the-loop checkpoints into the Cowork architecture, and the approval request functionality baked into the web and mobile expansion reflects that philosophy. But technology guardrails at the platform level are not a substitute for enterprise-level governance. They're a starting point.
Why Deployment Speed Without Governance Is a Liability
Here's the uncomfortable truth that should be printed on every AI adoption roadmap: moving fast on AI agent deployment without a governance framework isn't a competitive advantage — it's a deferred liability.
Consider the threat model. A background agent with broad access to enterprise data, running persistently in the cloud, represents exactly the kind of target that sophisticated attackers love. Compromising the agent's credentials, manipulating its inputs, or exploiting overly permissive access scopes can expose far more than a single endpoint breach.
The traditional IT playbook — patch, monitor, restrict — doesn't map cleanly onto agentic AI workflows. These agents aren't just passive tools; they're autonomous actors executing multi-step tasks with real-world consequences. A misconfigured agent doesn't just fail quietly. It can send the wrong email, modify the wrong record, or expose sensitive data before anyone notices.
The governance framework that enterprises need right now includes:
- Least-privilege access controls — agents should only be able to touch what they absolutely need to complete their assigned task, nothing more.
- Audit trails — every action an agent takes should be logged and reviewable, full stop.
- Approval workflows — high-stakes actions (sending external communications, modifying financial records, accessing sensitive files) should require explicit human sign-off.
- Identity and authentication hygiene — agents need strong, rotatable credentials that are scoped and monitored like any other privileged account.
- Continuous monitoring — anomaly detection should be applied to agent behavior, not just human user behavior.
None of this is optional. All of it takes time to implement correctly.
The Opportunity Hidden Inside the Risk
It would be easy to read all of this and conclude that enterprises should slow down their AI agent adoption until governance catches up. That's the wrong takeaway.
The operational productivity gains are real. The data from Anthropic's session analysis makes clear that business teams — not just engineering teams — are finding genuine, high-volume value in AI agents. The question isn't whether to adopt; it's how to adopt in a way that doesn't trade short-term efficiency gains for long-term security exposure.
That's precisely where experienced implementation partners earn their value. The enterprises that will come out ahead are the ones that move with both speed and structure — deploying agents aggressively while building least-privilege access, audit trails, approval workflows, and continuous monitoring into the architecture from the very first session, not as an afterthought.
The AI agent era is already here. Business operations are being transformed right now, on every device, in the cloud, around the clock. The only real choice left is whether your governance framework is keeping pace — or scrambling to catch up after something goes wrong.
The smarter play is obvious. Build the guardrails before you need them, not after you wish you had.
Published in Stream · Dispatch #448 · July 9, 2026 · 7 min read.
Reply to paolo@mont3.ch - every email gets a human answer within 24h.